Trusted HTTP-FUSE KNOPPIX501 is released
"Trusted HTTP-FUSE KNOPPIX501" is released. It keeps Trusted Boot with
TPM(Trusted Platform Module) and Trusted GRUB.
http://unit.aist.go.jp/itri/knoppix/http-fuse/index-en.html
We developed a trusted network loopback block device "Trusted
HTTP-FUSE CLOOP" and integrated it to KNOPPIX. It also includes
Trusted GRUB and enables Trusted Boot with TPM1.1. It keeps log of
attached devices and accessed block. We can confirm the attestation
from the log. The Bootable CD size is only 9MB, because the block
device is obtain via Internet using Trusted HTTP-FUSE KNOPPIX.
Trusted GRUB
http://trousers.sourceforge.net/grub.html
* ISO file (only 9MB)
http://unit.aist.go.jp/itri/knoppix/http-fuse/httpfuse-trusted_20061101.iso
(MD5:c98fcc4b77404b69dcc96b71de1d6a3d)
* Usage
* Requirement:
* Internet connection.
* PC which can deal with Trusted boot using TPM1.1. Please turn on
TPM in BIOS. We confirmed Trusted Boot on IBM ThinkPAD X30&T42.
Burn a CD-ROM with the iso file. Boot from the CD-ROM. You can add
options at GRUB stage 1.5. During booting you finds menu for
download server of block files. Please select the nearest
server. (3 servers in EU, 3 servers in US, and 13 servers in
Japan.)
* Additional Options:
* http_proxy=
Designate proxy URL.
Example http_proxy=http://proxy.aist.go.jp:8080
* staticipaddress
Set Static IP address during boot sequence.
"IPaddress:", "Netmask:", "Default Gateway:", "Name Server:"
* memcache
Download block files to RAM DISK. Requires much memory.
* nocache
Block files aren't saved.
* fuse_uri=
Designate direct URI of block files.
Example fuse_uri=http://ring.aist.go.jp/archives/linux/knoppix/knx501tpm/knoppix501en
* How to check Trusted Boot (Example: on ThinkPAD T42 & X30 with Atmel
TPM 1.1 Chip)
* Check the Trusted Boot
* Preparation
# modprobe atml_tpm
# mount -t security none /sys/kernel/security
Check the log of Trusted Boot
# cat /sys/kernel/security/tpm0/ascii_bios_measurement
5 2907b0a74e2e025f863bda3dd55a9ada385dcf28 04 [Event Separator]
6 2907b0a74e2e025f863bda3dd55a9ada385dcf28 04 [Event Separator]
7 2907b0a74e2e025f863bda3dd55a9ada385dcf28 04 [Event Separator]
4 c1e25c3f6b0dc78d57296aa2870ca6f782ccf80f 05 [Calling INT 19h]
4 38f30a0a967fcf2bfee1e3b2971de540115048c8 05 [Returned INT 19h]
4 7ca42b22324927c400263bae94e1e7cc28655532 05 [Booting CD ROM]
4 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 01 [POST CODE]
5 3315669a981d24f825eff4f2cc6f1d35093dfe8b 01 [POST CODE]
8 27fb6f0e387394ff8a125e225ab0eed21496f773 01 [POST CODE] *** kernel "linux"
8 0e8daebdd20d97a3761803c473bc77ed82a5e996 01 [POST CODE] *** miniroot "minirt.gz"
Confrim the SHA1 value.
# sha1 /mnt/cdrom/boot/isolinux/linux
27fb6f0e387394ff8a125e225ab0eed21496f773 /mnt/cdrom/boot/isolinux/linux
# sha1 /mnt/cdrom/boot/isolinux/minirt.gz
0e8daebdd20d97a3761803c473bc77ed82a5e996 /mnt/cdrom/boot/isolinux/minirt.gz
* Check the Register of TPM
# cat /sys/device/platform/tpm_atmel/pcrs
PCR-00: EC 44 13 64 3D 36 06 10 C0 26 D2 90 79 FD 95 A4 D6 FC B9 C1
PCR-01: C0 A9 46 A3 A4 24 B2 F0 61 2C BA B7 9D 81 E4 F8 1A 71 AC 67
PCR-02: EB B3 BA AE E7 57 4B B6 37 AA AB 67 0F 9A C1 BC EB 6F 80 F3
PCR-03: 04 FD EC DD 50 1D AF 0F 62 4C 1F 99 60 12 CF 30 44 FF 46 10
PCR-04: 01 56 4F A7 09 AE 00 B1 90 84 28 D3 09 09 A1 F9 AD B5 53 29
PCR-05: 1A F1 39 04 08 69 63 DE 79 41 E4 2E 68 DE 2E B0 B7 85 BD 82
PCR-06: 04 FD EC DD 50 1D AF 0F 62 4C 1F 99 60 12 CF 30 44 FF 46 10
PCR-07: 04 FD EC DD 50 1D AF 0F 62 4C 1F 99 60 12 CF 30 44 FF 46 10
PCR-08: AF 8F 70 C0 A6 92 7C 6F A6 FA 6B F1 D8 94 AC F0 F2 04 BC CA
PCR-09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
* Check the log of Trusted HTTP-FUSE CLOOP
# tail -f /var/log/fs_wrapper_PID.log
1150452051.109: #00000000(845b31ded38e15c1fa8febf97fe0781f23af98c3) :missed.
1150452051.112: #00000000(845b31ded38e15c1fa8febf97fe0781f23af98c3) :hits.
1150452051.112: #00000001(166cbaedbb1cc836e7c95d7d9943efde5a53829e) :missed.
1150452051.113: #00000002(29c4e363dbad648072751ca1f856e5780dd2981d) :missed.
1150452051.114: #00000003(fa8ad05b713a9cf8a701636ca6c353dc58fd6bfd) :missed.
1150452051.114: #00000004(1f82a543fa9310c44eff6a13618beca3cacffc12) :missed.
When you run a application, accessed blocks are logged. Please confirm.
* Publications:
(1) "Trusted Boot of HTTP-FUSE KNOPPIX", Kuniyasu Suzaki, Toshiki
Yagi, Kengo Iijima(AIST), Megumi Nakamura, Seiji Munetoh (IBM
Japan), Linux-Kongress 2006,
(2) "Security Enhancement of HTTP-FUSE Knoppix Client by Trusted
Computing", Megumi Nakamura, Seiji Munetoh (IBM Japan), Kuniyasu
Suzaki, Kengo Iijima, Toshiki Yagi, Ichiro Osawa (AIST), ISEC2006
(Written in Japanese)
------
suzaki
Reply to: